Vladimir de Turckheim
Hey there, In order to detect potential XXE, I was thinking about adding a hook on External Entity Loading (probably by wrapping the default ExternalEntityLoader with something that would emit...
### What does this PR do? This PR introduces TUF-like integrity checks for upcoming Remote configuration updates.
This PR does two things: * introduce response headers collection in case of attacks * ensures we collect request headers in case of attacks even if they are not requested...
On the roadmap, there is a "Resources for learning Node.js" paragraph (in progress). What kind of links will be listed there? - Will it be a digest of quality...
Hello All, Microsoft has granted us access to Microsoft Security Risk Detection (https://docs.microsoft.com/en-us/security-risk-detection/). This tool enables us to fuzz Node.js core in order to find possible vulnerabilities. With @mrkmarron, we...
We should probably start to reach out to other projects in the Foundation to check which ones would be interested in building a larger security community around JavaScript. Do we...
As per the Node.js security release process this is the FYI that there is going to be a security release on 22nd September 2022.
### What does this PR do? This allows the tracer to drop HTTP requests. It is unfinished and requires: * an update to libddwaf ([see https://github.com/DataDog/dd-native-appsec-js/actions/runs/2883137843](https://github.com/DataDog/dd-native-appsec-js/pull/61)) * Rules update over...
Hey, I started a tentative of adding async hooks here. I still have a few issues to fix, but I wanted to check if: * I am on the right...
Hi, It seems that the async hooks feature will be available soon in Node.js core (https://github.com/nodejs/node/pull/12953). If a new version of the CLS is made using this feature, what would...